A Definitive Guide to Understanding and Meeting the CIS Critical Security Controls

Implementing the CIS Top 20 Critical Security Controls is a great way to protect your organization from some of the most common types of cyberattacks, but it can be difficult to understand exactly how to put these concepts into practice. Rapid7’s Advisory Services team, which specializes in security assessments for organizations, developed this guide to explain each of the 20 CIS Critical Security Controls in plain language and assess how it can be approached, evaluated, and implemented.

Overview

Everywhere, security practitioners are wondering, “How can I be prepared to stop known attacks?” A complete overhaul of your security program would be ideal, but these types of changes don’t happen overnight. Luckily, the CIS Top 20 Critical Security Controls were developed to provide a framework of real ideas and actions that can be incrementally incorporated into your security program to strengthen your approach to security and stop today’s most pervasive and dangerous threats.

Use this guide to better understand how to approach and implement each of the key controls so you can go on to develop a best-in-class security program for your organization.

The CIS Critical Security Controls are the industry standard for good security. Are you up to par?

Rapid7 (NASDAQ:RPD) powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.

Promoted Content

30-Day Trial: UBA-Powered SIEM with Rapid7's InsightIDR

Rapid7 InsightIDR delivers trust and confidence: you can trust that any suspicious behavior is being detected, and have confidence that with the full context, you can quickly remediate.
From working hand-in-hand with security teams, we understand how painful it is to triage, false-positive, vague alerts and jump between siloed tools, each monitoring a bit of the network.
InsightIDR combines SIEM, UBA, and EDR capabilities to unify your existing network & security stack. By correlating the millions of events your organization generates daily to the exact users and assets behind them, you can reliably detect attacks and expose risky behavior - all in real-time.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.